Posted by: kurtsh | March 31, 2011

NEWS: Blocking fraudulent SSL certificates via Windows Update

Prepare for an automatic Windows Update that will block the rogue SSL certificates that were issued by Comodo.  In case you hadn’t heard, Comodo accidentally issued certificates that illicitly represent:

  • login.live.com
  • mail.google.com
  • http://www.google.com
  • login.yahoo.com (3 certificates)
  • login.skype.com
  • addons.mozilla.org
  • “Global Trustee”

Yeah.  Not good.  Users could hit a web site claiming to be one of the above and the certificate would verify their authenticity as legitimate.  This would enable them to capture those users authentication credentials and other information they enter in.

More details are posted here:


Categories

%d bloggers like this: